package com.he.hsdyc.security.config;


import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.web.cors.CorsUtils;

/**
 * Created with IntelliJ IDEA.
 * User2: jc
 * Date: 2019-06-11
 * Time: 14:14
 */
@Configuration
@EnableResourceServer
public class MyResourceServerConfig extends ResourceServerConfigurerAdapter {



    @Override
    public void configure(HttpSecurity http) throws Exception {

//        //表单登录 方式
//        http.formLogin()
//                .loginPage("/authentication/require")
//                //登录需要经过的url请求
//                .loginProcessingUrl("/authentication/form")
//                .successHandler(myAuthenticationSuccessHandler)
//                .failureHandler(myAuthenticationFailHandler);

            http
                    .cors().and().csrf().disable().authorizeRequests()
                //处理跨域请求中的Preflight请求
                    .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                    .and()

                    .authorizeRequests()
                    .antMatchers("/oauth/token").permitAll()
                    .antMatchers("/login/**").permitAll()
                    .antMatchers("/aop/**").permitAll()
                    .antMatchers("/oss/**").permitAll()
                    .antMatchers("/**").authenticated();
    }
}
